From Funtoo
Revision as of 04:05, 26 March 2014 by 666threesixes666 (Talk)


sshguard is an intrusion prevention system. It parses server logs, identifies malicious activity, and then bans the offending users via firewall rules. sshguard is written in C, so it does not tax an interpreter.



To install sshguard:

# emerge app-admin/sshguard


sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution.

/etc/conf.d/sshguard is where the flags and the log path are passed to the sshguard service.


/etc/conf.d/sshguard (overly strict rules):

SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"


sshguard will fail to start unless it has proper authorization logs to monitor.

/etc/conf.d/sshguard (syslog-ng log location):

SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"


IPv4

Generate blank iptables rules, and start iptables as outlined here.

Insert these rules to allow sshguard to ban malicious users.

# iptables -N sshguard

And, to block all traffic from offenders:

# iptables -A INPUT -j sshguard
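The -A INPUT command appends the jump to the end of the chain. That is fine on the blank ruleset this page starts from, but on a ruleset that already contains ACCEPT rules, traffic accepted earlier never reaches the sshguard chain. The following is an added example, not part of the original page or of sshguard itself: a shell function that reads iptables -S output and reports a missing chain, a missing jump, or an ACCEPT rule ahead of the jump. The function name and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Funtoo page): check that the sshguard chain
# is wired into INPUT. Reads `iptables -S` output on stdin so it can be
# exercised offline. check_sshguard_rules is a hypothetical helper name.
# Return codes: 0 = ok, 1 = chain missing, 2 = INPUT never jumps to it,
#               3 = an ACCEPT rule in INPUT comes before the jump.
check_sshguard_rules() {
    awk '
        $1 == "-N" && $2 == "sshguard" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" && !jump {
            target = ""
            for (i = 3; i < NF; i++)
                if ($i == "-j") target = $(i + 1)
            if (target == "sshguard") jump = 1
            else if (target == "ACCEPT" && early == "") early = $0
        }
        END {
            if (!chain) { print "chain sshguard does not exist" > "/dev/stderr"; exit 1 }
            if (!jump)  { print "INPUT has no jump to sshguard" > "/dev/stderr"; exit 2 }
            if (early != "") {
                print "rule ahead of the jump bypasses sshguard: " early > "/dev/stderr"
                exit 3
            }
        }
    '
}

# Constructed rule sets in `iptables -S` format (sample data, not real output).
RULES_OK='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N sshguard
-A INPUT -j sshguard'

RULES_SHADOWED='-P INPUT ACCEPT
-N sshguard
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j sshguard'

RULES_NO_JUMP='-P INPUT ACCEPT
-N sshguard'

for rules in "$RULES_OK" "$RULES_SHADOWED" "$RULES_NO_JUMP"; do
    printf '%s\n' "$rules" | check_sshguard_rules && echo "ok" || echo "problem (rc=$?)"
done
# On a live system, as root: iptables -S | check_sshguard_rules
```

A return code of 3 calls for review rather than being an automatic failure: an early ACCEPT limited to the loopback interface is harmless, while one that matches the SSH port means banned addresses are still let in.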

Boot Service


To start sshguard immediately:

# rc-service sshguard start

To start sshguard upon reboot:

# rc-update add sshguard default

External Resources